February 3, 2010, 9:47AM

Oracle Hacker Gets the Last Word

Database security expert David Litchfield has unveiled a critical, unpatched vulnerability in Oracle's 11G database software that allows a hacker to take control of an Oracle database and access or modify information at any security level.

Two sections of code within the company's database application -- one that allows data to be moved between servers and another that allows management of Oracle's implementation of java -- are left open to any user, rather than only to privileged administrators. Those vulnerable subroutines each have their own simple flaws that allow the user to gain complete access to the database's contents.  Read the full story [Forbes]


Shorten URL: http://threatpost.com/en_us/3Uy. Click to copy to clipboard or post to Twitter

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
Please enter the two words below to help prevent spam.
Incorrect please try again
Enter the words above: Enter the numbers you hear:

 

Copyright © 2010 threatpost.com | Terms of Service | Privacy